squaremap

tiles/players.json leaking player coords from ALL worlds

bobhenl opened this issue · 3 comments

commented

Hello, I'd like to report that DOMAIN/tiles/players.json is leaking coords of players, even the hidden ones... Could we somehow disable access to this for players, or disable sharing coords or something? Or maybe encrypt it? It's really powerful in case we show the map only in 1 world but others can find other players in other worlds using this...

I tried even setting:

    ui:
        coordinates:
            enabled: false

but it doesn't help.

I think the best would be if it's encrypted somehow or some solution for it... but encryption couldn't be found in source code or so, somehow uniquely encrypted.

As I think it makes a really big issue

Players found it & now they can use it to track people that aren't visible on the map... in a different world or if they're invis or hidden

commented

        world.players().forEach(player -> {
            if (worldConfig.PLAYER_TRACKER_HIDE_SPECTATORS && player.gameMode.getGameModeForPlayer() == GameType.SPECTATOR) {
                return;
            }
            if (worldConfig.PLAYER_TRACKER_HIDE_INVISIBLE && player.isInvisible()) {
                return;
            }
            if (worldConfig.PLAYER_TRACKER_HIDE_MAP_INVISIBILITY_EQUIPMENT && hasMapInvisibilityItemEquipped(player)) {
                return;
            }
            if (this.playerManager.hidden(player) || this.playerManager.otherwiseHidden(player)) {
                return;
            }
            final Map<String, Object> playerEntry = new HashMap<>();
            final Vec3 playerLoc = player.position();
            playerEntry.put("name", player.getGameProfile().getName());
            if (worldConfig.PLAYER_TRACKER_USE_DISPLAY_NAME) {
                playerEntry.put("display_name", htmlComponentSerializer.serialize(this.playerManager.displayName(player)));
            }
            playerEntry.put("uuid", player.getUUID().toString().replace("-", ""));
            playerEntry.put("world", Util.levelWebName(world));
            if (worldConfig.PLAYER_TRACKER_ENABLED) {
                playerEntry.put("x", Mth.floor(playerLoc.x()));
                playerEntry.put("y", Mth.floor(playerLoc.y()));
                playerEntry.put("z", Mth.floor(playerLoc.z()));
                playerEntry.put("yaw", Math.round(player.getYHeadRot()));
                if (worldConfig.PLAYER_TRACKER_NAMEPLATE_SHOW_ARMOR) {
                    playerEntry.put("armor", armorPoints(player));
                }
                if (worldConfig.PLAYER_TRACKER_NAMEPLATE_SHOW_HEALTH) {
                    playerEntry.put("health", (int) player.getHealth());
                }
            }
            players.add(playerEntry);
        });
    });

commented

Wait, then I'm a bit confused: why does my map show even the players in that file that aren't on enabled maps?

Like even the ones that are outside the overworld, like the world_events world and many other worlds, and full coordinates there in tiles

@jpenilla

commented

OK, sorry, I probably made a wrong statement; it shows players that could be visible but aren't because they're in disabled maps. (in the tiles file)

Those who are hidden using the command are hidden
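
For a server operator who wants to check what the file exposes, here is an added example (not squaremap's code and not posted by anyone in this thread). It lists entries in a players.json payload that carry position data for worlds outside the set meant to be public, and builds a filtered copy. The field names come from the excerpt above; the top-level `players` key, the sample payload and the `minecraft_overworld` name are constructed assumptions.

```python
import json

# Fields the excerpt above writes only when PLAYER_TRACKER_ENABLED is true.
POSITION_FIELDS = ("x", "y", "z", "yaw", "armor", "health")

# Constructed sample payload; the top-level "players" list is an assumption.
SAMPLE = json.dumps({"players": [
    {"name": "alice", "uuid": "00000000000000000000000000000001",
     "world": "minecraft_overworld", "x": 10, "y": 64, "z": -3, "yaw": 90},
    {"name": "bob", "uuid": "00000000000000000000000000000002",
     "world": "world_events", "x": 500, "y": 70, "z": 812, "yaw": 0},
    {"name": "carol", "uuid": "00000000000000000000000000000003",
     "world": "world_events"},  # listed, but without position fields
]})


def audit(payload, public_worlds):
    """Return (name, world, exposed_fields) for each entry that carries
    position data while sitting in a world not in public_worlds."""
    findings = []
    for entry in json.loads(payload).get("players", []):
        exposed = [f for f in POSITION_FIELDS if f in entry]
        if exposed and entry.get("world") not in public_worlds:
            findings.append((entry.get("name"), entry.get("world"), exposed))
    return findings


def filter_public(payload, public_worlds):
    """Return the payload with entries outside public_worlds dropped,
    e.g. for a proxy that rewrites the file before serving it."""
    data = json.loads(payload)
    data["players"] = [e for e in data.get("players", [])
                       if e.get("world") in public_worlds]
    return json.dumps(data)


if __name__ == "__main__":
    for name, world, fields in audit(SAMPLE, {"minecraft_overworld"}):
        print(f"{name} in {world} exposes {', '.join(fields)}")
```
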